84 changes: 29 additions & 55 deletions .github/workflows/release-images.yml
Expand Up @@ -5,10 +5,10 @@ on:

env:
GHCR_REGISTRY: ghcr.io
GHCR_UI_IMAGE_NAME: "${{ github.repository }}/ui"
GHCR_UI_IMAGE_NAME: ${{ github.repository }}/ui
GHCR_PS_IMAGE_NAME: ${{ github.repository }}/pathservice
QUAY_REGISTRY: quay.io
QUAY_UI_IMAGE_NAME: instructlab-ui/ui
GHCR_PS_IMAGE_NAME: "${{ github.repository }}/pathservice"
QUAY_PS_IMAGE_NAME: instructlab-ui/pathservice

jobs:
Expand All @@ -23,31 +23,22 @@ jobs:
id-token: write

steps:
- name: Extract Release Tag
id: get_release_tag
run: |-
RELEASE_TAG="release-${{ github.event.release.tag_name }}"
echo "RELEASE_TAG=${RELEASE_TAG}" >> "$GITHUB_ENV"

- name: Check out the repo
uses: actions/checkout@v4
with:
token: ${{ secrets.BOT_PAT }}
ref: "${{ steps.get_release_tag.outputs.RELEASE_TAG }}"

- name: Log in to the GHCR container image registry
uses: docker/login-action@v3
with:
registry: "${{ env.GHCR_REGISTRY }}"
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"
registry: ${{ env.GHCR_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Log in to the Quay container image registry
uses: docker/login-action@v3
with:
registry: "${{ env.QUAY_REGISTRY }}"
username: "${{ secrets.QUAY_USERNAME }}"
password: "${{ secrets.QUAY_TOKEN }}"
registry: ${{ env.QUAY_REGISTRY }}
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_TOKEN }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
Expand All @@ -56,15 +47,15 @@ jobs:
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: "${{ runner.os }}-buildx-${{ github.sha }}"
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |-
"${{ runner.os }}-buildx-"
${{ runner.os }}-buildx-

- name: Extract metadata (tags, labels) for UI image
id: ghcr_ui_meta
uses: docker/metadata-action@v5
with:
images: "${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME }}"
images: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME }}

- name: Extract metadata (tags, labels) for UI image
id: quay_ui_meta
Expand All @@ -78,14 +69,12 @@ jobs:
with:
context: .
push: true
tags: |-
"${{ steps.ghcr_ui_meta.outputs.tags }}"
"${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME }}:${{ steps.get_release_tag.outputs.RELEASE_TAG }}"
tags: ${{ steps.ghcr_ui_meta.outputs.tags }}
labels: ${{ steps.ghcr_ui_meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
file: Containerfile
file: src/Containerfile

- name: Generate Prod UI GHCR artifact attestation
uses: actions/attest-build-provenance@v2
Expand All @@ -100,27 +89,25 @@ jobs:
with:
context: .
push: true
tags: |-
"${{ steps.quay_ui_meta.outputs.tags }}"
"${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME }}:${{ steps.get_release_tag.outputs.RELEASE_TAG }}"
tags: ${{ steps.quay_ui_meta.outputs.tags }}
labels: ${{ steps.quay_ui_meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
file: Containerfile
file: src/Containerfile

- name: Generate PROD UI Quay artifact attestation
uses: actions/attest-build-provenance@v2
with:
subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME}}
subject-digest: ${{ steps.push-ui-quay.outputs.digest }}
push-to-registry: true

- name: Re-Checkout main on the repo
uses: actions/checkout@v4
with:
token: "${{ secrets.BOT_PAT }}"
ref: "main"
token: ${{ secrets.BOT_PAT }}
ref: main

- name: Update coderefs before code changes
run: |-
Expand All @@ -129,7 +116,7 @@ jobs:
- name: Update Prod Quay PS image
id: update_prod_ui_manifest_image
env:
RELEASE_TAG: ${{ steps.get_release_tag.outputs.RELEASE_TAG }}
RELEASE_TAG: ${{ github.event.release.tag_name }}
run: |-
sudo wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -O /usr/local/bin/yq
sudo chmod +x /usr/local/bin/yq
Expand All @@ -142,7 +129,7 @@ jobs:
git config user.name "platform-engineering-bot"
git config user.email "platform-engineering@redhat.com"
git add deploy/k8s/overlays/openshift/prod/kustomization.yaml
git commit -m "[CI AUTOMATION]: Bumping Prod UI image to tag: ${{ steps.get_release_tag.outputs.RELEASE_TAG }}" -s
git commit -m "[CI AUTOMATION]: Bumping Prod UI image to tag: ${{ github.event.release.tag_name }}" -s
git push origin main

build_and_publish_ps_prod_image:
Expand All @@ -156,17 +143,8 @@ jobs:
id-token: write

steps:
- name: Extract Release Tag
id: get_release_tag
run: |-
RELEASE_TAG="release-${{ github.event.release.tag_name }}"
echo "RELEASE_TAG=${RELEASE_TAG}" >> "$GITHUB_ENV"

- name: Check out the repo
uses: actions/checkout@v4
with:
token: ${{ secrets.BOT_PAT }}
ref: "${{ steps.get_release_tag.outputs.RELEASE_TAG }}"

- name: Log in to the GHCR container image registry
uses: docker/login-action@v3
Expand Down Expand Up @@ -211,14 +189,12 @@ jobs:
with:
context: .
push: true
tags: |-
"${{ steps.ghcr_ps_meta.outputs.tags }}"
"${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PS_IMAGE_NAME }}:${{ steps.get_release_tag.outputs.RELEASE_TAG }}"
tags: ${{ steps.ghcr_ps_meta.outputs.tags }}
labels: ${{ steps.ghcr_ps_meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
file: Containerfile
file: pathservice/Containerfile

- name: Generate GHCR PS Image attestation
uses: actions/attest-build-provenance@v2
Expand All @@ -233,14 +209,12 @@ jobs:
with:
context: .
push: true
tags: |-
"${{ steps.quay_ps_meta.outputs.tags }}"
"${{ env.QUAY_REGISTRY }}/${{ env.QUAY_PS_IMAGE_NAME }}:${{ steps.get_release_tag.outputs.RELEASE_TAG }}"
tags: ${{ steps.quay_ps_meta.outputs.tags }}
labels: ${{ steps.quay_ps_meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
file: Containerfile
file: pathservice/Containerfile

- name: Generate Quay PS Image attestation
uses: actions/attest-build-provenance@v2
Expand All @@ -252,17 +226,17 @@ jobs:
- name: Checkout main on the repo
uses: actions/checkout@v4
with:
token: "${{ secrets.BOT_PAT }}"
ref: "main"
token: ${{ secrets.BOT_PAT }}
ref: main

- name: Update coderefs before code changes
run: |-
git pull --ff-only

- name: Update Prod Quay PS image
id: update_prod_ps_manifest_image
env:
RELEASE_TAG: ${{ steps.get_release_tag.outputs.RELEASE_TAG }}
RELEASE_TAG: ${{ github.event.release.tag_name }}
run: |-
sudo wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -O /usr/local/bin/yq
sudo chmod +x /usr/local/bin/yq
Expand All @@ -275,5 +249,5 @@ jobs:
git config user.name "platform-engineering-bot"
git config user.email "platform-engineering@redhat.com"
git add deploy/k8s/overlays/openshift/prod/kustomization.yaml
git commit -m "[CI AUTOMATION]: Bumping Prod PS image to tag: ${{ steps.get_release_tag.outputs.RELEASE_TAG }}" -s
git commit -m "[CI AUTOMATION]: Bumping Prod PS image to tag: ${{ github.event.release.tag_name }}" -s
git push origin main
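Review bot: The new `git commit -m` lines in both jobs (the "Bumping Prod UI image" and "Bumping Prod PS image" commits) expand `${{ github.event.release.tag_name }}` directly inside the `run:` script, so the tag text is pasted into the script before the shell parses it. Any shell metacharacters in a release tag name would then be interpreted in a job whose checkout of `main` uses `secrets.BOT_PAT` and which pushes to `main`. The change already passes the same value as `RELEASE_TAG` through `env:` on the update steps; the lines between that `env:` and the commit are collapsed on this page, so it should be confirmed that they are in the same step. If they are, reference the variable instead, e.g. `git commit -m "[CI AUTOMATION]: Bumping Prod UI image to tag: ${RELEASE_TAG}" -s`, and do the same for the PS job. If the commit runs in a separate step, that step needs its own `env:` mapping for `RELEASE_TAG`.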